You may not be able to log on to your domain by using a virtual private network (VPN) if you have the Microsoft Proxy 2.0 client or the Microsoft Internet Security and Acceleration (ISA) Server 2000 client installed, and the proxy server can be reached only by using the VPN connection.
This behavior occurs only if you refer to the VPN server by a Domain Name System (DNS) name instead of by the IP address when you create the VPN connection.
Typically, the DNS server's IP address is not contained in the client computer's local address table (LAT). When the client computer tries to resolve the IP address for the VPN server, the client sends the name-resolution request to the proxy server. Because the client cannot reach the proxy server before the VPN connection is established, the name resolution for the VPN server times out.
To change this behavior, add the following lines to the master copy of the Mspclnt.ini file on the server that is running Proxy Server 2.0 or ISA Server 2000:
This behavior is by design.
Note that the resolution that is described in this article prevents Svchost from accessing the external network through a Winsock proxy. Therefore, the following services that are hosted by Svchost do not use a Winsock proxy and users can log on:
Remote Procedure Call (RPC)
Background Intelligent Transfer Service
Logical Disk Manager
Error Reporting Service
COM+ Event System
Network Location Awareness
Remote Access Connection Manager
System Event Notification
Shell Hardware Detection
System Restore Service
Distributed Link Tracking Client
Windows Management Instrumentation
Portable Media Serial Number
Wireless Zero Configuration
TCP/IP NetBIOS Helper
SSDP Discovery Service